Fortinet black logo

CLI Reference

system {dhcp server | dhcp6 server}

system {dhcp server | dhcp6 server}

Configure DHCP servers used to assign IP settings, including IP addresses, to devices connected to a FortiGate interface.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set tftp-server <string> [<string>]

Multiple IP addresses or hostnames can now be entered, with each entry separated by a space.

config prefix-range

edit <id>

set start-prefix <prefix>

set end-prefix <prefix>

set prefix-length <length>

next

...

Configure a range for DHCPv6 server prefix delegation. Add a prefix range (starting and ending prefixes) and a prefix length, which determines the length of the prefix that the FortiGate sends downstream.

config system dhcp server
    edit {id}
    # Configure DHCP servers.
        set id {integer}   ID. range[0-4294967295]
        set status {disable | enable}   Enable/disable this DHCP configuration.
        set lease-time {integer}   Lease time in seconds, 0 means unlimited. range[300-8640000]
        set mac-acl-default-action {assign | block}   MAC access control default action (allow or block assigning IP settings).
                assign  Allow the DHCP server to assign IP settings to clients on the MAC access control list.
                block   Block the DHCP server from assigning IP settings to clients on the MAC access control list.
        set forticlient-on-net-status {disable | enable}   Enable/disable FortiClient-On-Net service for this DHCP server.
        set dns-service {local | default | specify}   Options for assigning DNS servers to DHCP clients.
                local    IP address of the interface the DHCP server is added to becomes the client's DNS server IP address.
                default  Clients are assigned the FortiGate's configured DNS servers.
                specify  Specify up to 3 DNS servers in the DHCP server configuration.
        set dns-server1 {ipv4 address}   DNS server 1.
        set dns-server2 {ipv4 address}   DNS server 2.
        set dns-server3 {ipv4 address}   DNS server 3.
        set wifi-ac1 {ipv4 address}   WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
        set wifi-ac2 {ipv4 address}   WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
        set wifi-ac3 {ipv4 address}   WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
        set ntp-service {local | default | specify}   Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
                local    IP address of the interface the DHCP server is added to becomes the client's NTP server IP address.
                default  Clients are assigned the FortiGate's configured NTP servers.
                specify  Specify up to 3 NTP servers in the DHCP server configuration.
        set ntp-server1 {ipv4 address}   NTP server 1.
        set ntp-server2 {ipv4 address}   NTP server 2.
        set ntp-server3 {ipv4 address}   NTP server 3.
        set domain {string}   Domain name suffix for the IP addresses that the DHCP server assigns to clients. size[35]
        set wins-server1 {ipv4 address}   WINS server 1.
        set wins-server2 {ipv4 address}   WINS server 2.
        set default-gateway {ipv4 address}   Default gateway IP address assigned by the DHCP server.
        set next-server {ipv4 address}   IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
        set netmask {ipv4 netmask}   Netmask assigned by the DHCP server.
        set interface {string}   DHCP server can assign IP configurations to clients connected to this interface. size[15] - datasource(s): system.interface.name
        config ip-range
            edit {id}
            # DHCP IP range configuration.
                set id {integer}   ID. range[0-4294967295]
                set start-ip {ipv4 address}   Start of IP range.
                set end-ip {ipv4 address}   End of IP range.
            next
        set timezone-option {disable | default | specify}   Options for the DHCP server to set the client's time zone.
                disable  Do not set the client's time zone.
                default  Clients are assigned the FortiGate's configured time zone.
                specify  Specify the time zone to be assigned to DHCP clients.
        set timezone {option}   Select the time zone to be assigned to DHCP clients.
                01  (GMT-11:00) Midway Island, Samoa
                02  (GMT-10:00) Hawaii
                03  (GMT-9:00) Alaska
                04  (GMT-8:00) Pacific Time (US & Canada)
                05  (GMT-7:00) Arizona
                81  (GMT-7:00) Baja California Sur, Chihuahua
                06  (GMT-7:00) Mountain Time (US & Canada)
                07  (GMT-6:00) Central America
                08  (GMT-6:00) Central Time (US & Canada)
                09  (GMT-6:00) Mexico City
                10  (GMT-6:00) Saskatchewan
                11  (GMT-5:00) Bogota, Lima,Quito
                12  (GMT-5:00) Eastern Time (US & Canada)
                13  (GMT-5:00) Indiana (East)
                74  (GMT-4:00) Caracas
                14  (GMT-4:00) Atlantic Time (Canada)
                77  (GMT-4:00) Georgetown
                15  (GMT-4:00) La Paz
                87  (GMT-4:00) Paraguay
                16  (GMT-3:00) Santiago
                17  (GMT-3:30) Newfoundland
                18  (GMT-3:00) Brasilia
                19  (GMT-3:00) Buenos Aires
                20  (GMT-3:00) Nuuk (Greenland)
                75  (GMT-3:00) Uruguay
                21  (GMT-2:00) Mid-Atlantic
                22  (GMT-1:00) Azores
                23  (GMT-1:00) Cape Verde Is.
                24  (GMT) Monrovia
                80  (GMT) Greenwich Mean Time
                79  (GMT) Casablanca
                25  (GMT) Dublin, Edinburgh, Lisbon, London
                26  (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
                27  (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague
                28  (GMT+1:00) Brussels, Copenhagen, Madrid, Paris
                78  (GMT+1:00) Namibia
                29  (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb
                30  (GMT+1:00) West Central Africa
                31  (GMT+2:00) Athens, Sofia, Vilnius
                32  (GMT+2:00) Bucharest
                33  (GMT+2:00) Cairo
                34  (GMT+2:00) Harare, Pretoria
                35  (GMT+2:00) Helsinki, Riga, Tallinn
                36  (GMT+2:00) Jerusalem
                37  (GMT+3:00) Baghdad
                38  (GMT+3:00) Kuwait, Riyadh
                83  (GMT+3:00) Moscow
                84  (GMT+3:00) Minsk
                40  (GMT+3:00) Nairobi
                85  (GMT+3:00) Istanbul
                41  (GMT+3:30) Tehran
                42  (GMT+4:00) Abu Dhabi, Muscat
                43  (GMT+4:00) Baku
                39  (GMT+3:00) St. Petersburg, Volgograd
                44  (GMT+4:30) Kabul
                46  (GMT+5:00) Islamabad, Karachi, Tashkent
                47  (GMT+5:30) Kolkata, Chennai, Mumbai, New Delhi
                51  (GMT+5:30) Sri Jayawardenepara
                48  (GMT+5:45) Kathmandu
                45  (GMT+5:00) Ekaterinburg
                49  (GMT+6:00) Almaty, Novosibirsk
                50  (GMT+6:00) Astana, Dhaka
                52  (GMT+6:30) Rangoon
                53  (GMT+7:00) Bangkok, Hanoi, Jakarta
                54  (GMT+7:00) Krasnoyarsk
                55  (GMT+8:00) Beijing, ChongQing, HongKong, Urumgi, Irkutsk
                56  (GMT+8:00) Ulaan Bataar
                57  (GMT+8:00) Kuala Lumpur, Singapore
                58  (GMT+8:00) Perth
                59  (GMT+8:00) Taipei
                60  (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul
                62  (GMT+9:30) Adelaide
                63  (GMT+9:30) Darwin
                61  (GMT+9:00) Yakutsk
                64  (GMT+10:00) Brisbane
                65  (GMT+10:00) Canberra, Melbourne, Sydney
                66  (GMT+10:00) Guam, Port Moresby
                67  (GMT+10:00) Hobart
                68  (GMT+10:00) Vladivostok
                69  (GMT+10:00) Magadan
                70  (GMT+11:00) Solomon Is., New Caledonia
                71  (GMT+12:00) Auckland, Wellington
                72  (GMT+12:00) Fiji, Kamchatka, Marshall Is.
                00  (GMT+12:00) Eniwetok, Kwajalein
                82  (GMT+12:45) Chatham Islands
                73  (GMT+13:00) Nuku'alofa
                86  (GMT+13:00) Samoa
                76  (GMT+14:00) Kiritimati
        config tftp-server
            edit {tftp-server}
            # One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.
                set tftp-server {string}   TFTP server. size[63]
            next
        set filename {string}   Name of the boot file on the TFTP server. size[127]
        config options
            edit {id}
            # DHCP options.
                set id {integer}   ID. range[0-4294967295]
                set code {integer}   DHCP option code. range[0-255]
                set type {hex | string | ip | fqdn}   DHCP option type.
                        hex     DHCP option in hex.
                        string  DHCP option in string.
                        ip      DHCP option in IP.
                        fqdn    DHCP option in domain search option format.
                set value {string}   DHCP option value. size[312]
                set ip {string}   DHCP option IPs.
            next
        set server-type {regular | ipsec}   DHCP server can be a normal DHCP server or an IPsec DHCP server.
                regular  Regular DHCP service.
                ipsec    DHCP over IPsec service.
        set ip-mode {range | usrgrp}   Method used to assign client IP.
                range   Use range defined by start-ip/end-ip to assign client IP.
                usrgrp  Use user-group defined method to assign client IP.
        set conflicted-ip-timeout {integer}   Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. range[60-8640000]
        set ipsec-lease-hold {integer}   DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). range[0-8640000]
        set auto-configuration {disable | enable}   Enable/disable auto configuration.
        set ddns-update {disable | enable}   Enable/disable DDNS update for DHCP.
        set ddns-update-override {disable | enable}   Enable/disable DDNS update override for DHCP.
        set ddns-server-ip {ipv4 address}   DDNS server IP.
        set ddns-zone {string}   Zone of your domain name (ex. DDNS.com). size[64]
        set ddns-auth {disable | tsig}   DDNS authentication mode.
                disable  Disable DDNS authentication.
                tsig     TSIG based on RFC2845.
        set ddns-keyname {string}   DDNS update key name. size[64]
        set ddns-key {string}   DDNS update key (base 64 encoding).
        set ddns-ttl {integer}   TTL. range[60-86400]
        set vci-match {disable | enable}   Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served.
        config vci-string
            edit {vci-string}
            # One or more VCI strings in quotes separated by spaces.
                set vci-string {string}   VCI strings. size[255]
            next
        config exclude-range
            edit {id}
            # Exclude one or more ranges of IP addresses from being assigned to clients.
                set id {integer}   ID. range[0-4294967295]
                set start-ip {ipv4 address}   Start of IP range.
                set end-ip {ipv4 address}   End of IP range.
            next
        config reserved-address
            edit {id}
            # Options for the DHCP server to assign IP settings to specific MAC addresses.
                set id {integer}   ID. range[0-4294967295]
                set ip {ipv4 address}   IP address to be reserved for the MAC address.
                set mac {mac address}   MAC address of the client that will get the reserved IP address.
                set action {assign | block | reserved}   Options for the DHCP server to configure the client with the reserved MAC address.
                        assign    Configure the client with this MAC address like any other client.
                        block     Block the DHCP server from assigning IP settings to the client with this MAC address.
                        reserved  Assign the reserved IP address to the client with this MAC address.
                set description {string}   Description. size[255]
            next
    next
end
config system dhcp6 server
    edit {id}
    # Configure DHCPv6 servers.
        set id {integer}   ID. range[0-4294967295]
        set status {disable | enable}   Enable/disable this DHCPv6 configuration.
        set rapid-commit {disable | enable}   Enable/disable allow/disallow rapid commit.
        set lease-time {integer}   Lease time in seconds, 0 means unlimited. range[300-8640000]
        set dns-service {delegated | default | specify}    Options for assigning DNS servers to DHCPv6 clients.
                delegated  Delegated DNS settings.
                default    Clients are assigned the FortiGate's configured DNS servers.
                specify    Specify up to 3 DNS servers in the DHCPv6 server configuration.
        set dns-search-list {delegated | specify}   DNS search list options.
                delegated  Delegated the DNS search list.
                specify    Specify the DNS search list.
        set dns-server1 {ipv6 address}   DNS server 1.
        set dns-server2 {ipv6 address}   DNS server 2.
        set dns-server3 {ipv6 address}   DNS server 3.
        set domain {string}   Domain name suffix for the IP addresses that the DHCP server assigns to clients. size[35]
        set subnet {ipv6 prefix}   Subnet or subnet-id if the IP mode is delegated.
        set interface {string}   DHCP server can assign IP configurations to clients connected to this interface. size[15] - datasource(s): system.interface.name
        set option1 {string}   Option 1.
        set option2 {string}   Option 2.
        set option3 {string}   Option 3.
        set upstream-interface {string}   Interface name from where delegated information is provided. size[15] - datasource(s): system.interface.name
        set ip-mode {range | delegated}   Method used to assign client IP.
                range      Use range defined by start IP/end IP to assign client IP.
                delegated  Use delegated prefix method to assign client IP.
        config prefix-range
            edit {id}
            # DHCP prefix configuration.
                set id {integer}   ID. range[0-4294967295]
                set start-prefix {ipv6 address}   Start of prefix range.
                set end-prefix {ipv6 address}   End of prefix range.
                set prefix-length {integer}   Prefix length. range[1-128]
            next
        config ip-range
            edit {id}
            # DHCP IP range configuration.
                set id {integer}   ID. range[0-4294967295]
                set start-ip {ipv6 address}   Start of IP range.
                set end-ip {ipv6 address}   End of IP range.
            next
    next
end

status {disable | enable}

Enable or disable this DHCP server, default is enable.

lease-time <integer>

Lease time in seconds, value between 300 and 8640000 ( 5 minutes to almost 100 days), 0 for unlimited lease time, default is 604800.

mac-acl-default-action {assign | block}

MAC access control default action. Set whether or not the DHCP server assigns network settings to a DHCP client with a MAC address that is on the MAC address control list.

  • assign allow the DHCP server to assign IP settings to a client on the MAC address control list.
  • block block the DHCP from assigning IP settings to a client on the MAC address control list.

forticlient-on-net-status {disable | enable}

Enable or disable the FortiClient-On-Net service for this DHCP server, default is enable.

dns-service {local | default | specify}

How the DHCP clients are assigned DNS servers.

  • local IP address of the interface the DHCP server is added to becomes the client's DNS server IP address.
  • default IP addresses of the DNS servers added to the FortiGate configuration become the client's DNS server IP addresses.
  • specify specify up to 3 DNS servers in the DHCP server configuration.

dns-server1 <ip>

Set the IP address of DNS server(s) which will be used by DHCP clients, up to three DNS servers (dns-server1, dns-server2, and dns-server3).

wifi-ac1 <ip>

Set the IP address of up to three WiFi Access Controller(s) (wifi-ac1, wifi-ac2, and wifi-ac3). For DHCP option 138 to use DHCP to send WiFi access controller IP addresses to Wireless Termination Points (WTPs) (RFC 5417).

ntp-service {local | default | specify}

How the DHCP clients are assigned Network Time Protocol (NTP) servers.

  • local IP address of the interface the DHCP server is added to becomes the client's NTP server IP address.
  • default IP addresses of the NTP servers added to the FortiGate configuration become the client's NTP server IP addresses.
  • specify specify up to 3 NTP servers in the DHCP server configuration.

ntp-server1 <ip>

Set the IP address of NTP server(s), up to three NTP servers (ntp-server1, ntp-server2, and ntp-server3).

domain <string>

Domain name suffix for the IP addresses that the DHCP server assigns to clients.

wins-server1 <ip>

Set the IP address of WINS server(s), up to two WINS servers (wins-server1, and wins-server2).

default-gateway <ip>

The default gateway IP address that will be used by DHCP clients as their default gateway.

next-server <ip>

The IP address of the next bootstrap server. Add an IP address if you are using a secondary DHCP server to assign IP configuration options.

netmask <netmask>

The netmask assigned by the DHCP server

interface <interface-name>

The DHCP server can assign IP configurations to DHCP clients connected to this interface.

config ip-range

DHCP IP range configuration.

start-ip <ip>

The first IP of the range.

end-ip <ip>

The last IP of the range.

timezone-option {disable | default | specify}

How the DHCP server sets the client's time zone.

  • disable do not set the client's time zone.
  • default DHCP clients are assigned the FortiGate's configured time zone.
  • specify specify the time zone to be assigned to DHCP clients.

timezone <timezone-number>

Select the time zone that the DHCP server assigns to DHCP clients. Available if timezone-option is set to specify.

tftp-server <string> [<string>]

Hostnames or IP addresses of one or more TFTP servers.

filename <string>

The file name on the tftp server.

config options

The DHCP options configuration.

code <integer>

The option's code for DHCP, see RFC 2132 for more details.

type {hex | string | ip}

DHCP option in hexadecimal, string, or IP, default is hex.

value <string>

The value is specified as a single octet. Values are available per option, see RFC 2132 for more details.

server-type {regular | ipsec}

Regular DHCP service or DHCP over IPsec services.

conflicted-ip-timeout <integer>

The time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. Value between 60 to 8640000 seconds (1 minute to 100 days), default is 1800.

auto-configuration {disable | enable}

Disable or enable auto configuration, default is enable.

ddns-update {disable | enable}

Disable or enable Dynamic DNS update for DHCP, default is disable.

vci-match {disable | enable}

Disable or enable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI string are served, default is disabled.

vci-string <strings>

One or more VCI strings in quotes and separated by spaces.

config exclude-range

DHCP exclude range configuration.

start-ip <ip>

The first IP of the excluded range.

end-ip <ip>

The last IP of the excluded range.

config reserved-address

How the DHCP server assigns IP settings to specific MAC addresses.

ip <ip>

The IP address to be reserved for the client with the MAC address. Only valid if action is set to reserved.

mac <mac-address>

MAC address of the client to be configured by the DHCP server according to the action.

action {assign | block | reserved}

How the DHCP server configures the client with the reserved MAC address.

  • assign the DHCP server treats the client with this MAC address like any other client.
  • block block the DHCP server from assigning IP settings to the client with this MAC address.
  • reserved assign the reserved IP address to the client with this MAC address.

description <string>

Optionally describe the client with this MAC address.

system {dhcp server | dhcp6 server}

Configure DHCP servers used to assign IP settings, including IP addresses, to devices connected to a FortiGate interface.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set tftp-server <string> [<string>]

Multiple IP addresses or hostnames can now be entered, with each entry separated by a space.

config prefix-range

edit <id>

set start-prefix <prefix>

set end-prefix <prefix>

set prefix-length <length>

next

...

Configure a range for DHCPv6 server prefix delegation. Add a prefix range (starting and ending prefixes) and a prefix length, which determines the length of the prefix that the FortiGate sends downstream.

config system dhcp server
    edit {id}
    # Configure DHCP servers.
        set id {integer}   ID. range[0-4294967295]
        set status {disable | enable}   Enable/disable this DHCP configuration.
        set lease-time {integer}   Lease time in seconds, 0 means unlimited. range[300-8640000]
        set mac-acl-default-action {assign | block}   MAC access control default action (allow or block assigning IP settings).
                assign  Allow the DHCP server to assign IP settings to clients on the MAC access control list.
                block   Block the DHCP server from assigning IP settings to clients on the MAC access control list.
        set forticlient-on-net-status {disable | enable}   Enable/disable FortiClient-On-Net service for this DHCP server.
        set dns-service {local | default | specify}   Options for assigning DNS servers to DHCP clients.
                local    IP address of the interface the DHCP server is added to becomes the client's DNS server IP address.
                default  Clients are assigned the FortiGate's configured DNS servers.
                specify  Specify up to 3 DNS servers in the DHCP server configuration.
        set dns-server1 {ipv4 address}   DNS server 1.
        set dns-server2 {ipv4 address}   DNS server 2.
        set dns-server3 {ipv4 address}   DNS server 3.
        set wifi-ac1 {ipv4 address}   WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
        set wifi-ac2 {ipv4 address}   WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
        set wifi-ac3 {ipv4 address}   WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
        set ntp-service {local | default | specify}   Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
                local    IP address of the interface the DHCP server is added to becomes the client's NTP server IP address.
                default  Clients are assigned the FortiGate's configured NTP servers.
                specify  Specify up to 3 NTP servers in the DHCP server configuration.
        set ntp-server1 {ipv4 address}   NTP server 1.
        set ntp-server2 {ipv4 address}   NTP server 2.
        set ntp-server3 {ipv4 address}   NTP server 3.
        set domain {string}   Domain name suffix for the IP addresses that the DHCP server assigns to clients. size[35]
        set wins-server1 {ipv4 address}   WINS server 1.
        set wins-server2 {ipv4 address}   WINS server 2.
        set default-gateway {ipv4 address}   Default gateway IP address assigned by the DHCP server.
        set next-server {ipv4 address}   IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
        set netmask {ipv4 netmask}   Netmask assigned by the DHCP server.
        set interface {string}   DHCP server can assign IP configurations to clients connected to this interface. size[15] - datasource(s): system.interface.name
        config ip-range
            edit {id}
            # DHCP IP range configuration.
                set id {integer}   ID. range[0-4294967295]
                set start-ip {ipv4 address}   Start of IP range.
                set end-ip {ipv4 address}   End of IP range.
            next
        set timezone-option {disable | default | specify}   Options for the DHCP server to set the client's time zone.
                disable  Do not set the client's time zone.
                default  Clients are assigned the FortiGate's configured time zone.
                specify  Specify the time zone to be assigned to DHCP clients.
        set timezone {option}   Select the time zone to be assigned to DHCP clients.
                01  (GMT-11:00) Midway Island, Samoa
                02  (GMT-10:00) Hawaii
                03  (GMT-9:00) Alaska
                04  (GMT-8:00) Pacific Time (US & Canada)
                05  (GMT-7:00) Arizona
                81  (GMT-7:00) Baja California Sur, Chihuahua
                06  (GMT-7:00) Mountain Time (US & Canada)
                07  (GMT-6:00) Central America
                08  (GMT-6:00) Central Time (US & Canada)
                09  (GMT-6:00) Mexico City
                10  (GMT-6:00) Saskatchewan
                11  (GMT-5:00) Bogota, Lima,Quito
                12  (GMT-5:00) Eastern Time (US & Canada)
                13  (GMT-5:00) Indiana (East)
                74  (GMT-4:00) Caracas
                14  (GMT-4:00) Atlantic Time (Canada)
                77  (GMT-4:00) Georgetown
                15  (GMT-4:00) La Paz
                87  (GMT-4:00) Paraguay
                16  (GMT-3:00) Santiago
                17  (GMT-3:30) Newfoundland
                18  (GMT-3:00) Brasilia
                19  (GMT-3:00) Buenos Aires
                20  (GMT-3:00) Nuuk (Greenland)
                75  (GMT-3:00) Uruguay
                21  (GMT-2:00) Mid-Atlantic
                22  (GMT-1:00) Azores
                23  (GMT-1:00) Cape Verde Is.
                24  (GMT) Monrovia
                80  (GMT) Greenwich Mean Time
                79  (GMT) Casablanca
                25  (GMT) Dublin, Edinburgh, Lisbon, London
                26  (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
                27  (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague
                28  (GMT+1:00) Brussels, Copenhagen, Madrid, Paris
                78  (GMT+1:00) Namibia
                29  (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb
                30  (GMT+1:00) West Central Africa
                31  (GMT+2:00) Athens, Sofia, Vilnius
                32  (GMT+2:00) Bucharest
                33  (GMT+2:00) Cairo
                34  (GMT+2:00) Harare, Pretoria
                35  (GMT+2:00) Helsinki, Riga, Tallinn
                36  (GMT+2:00) Jerusalem
                37  (GMT+3:00) Baghdad
                38  (GMT+3:00) Kuwait, Riyadh
                83  (GMT+3:00) Moscow
                84  (GMT+3:00) Minsk
                40  (GMT+3:00) Nairobi
                85  (GMT+3:00) Istanbul
                41  (GMT+3:30) Tehran
                42  (GMT+4:00) Abu Dhabi, Muscat
                43  (GMT+4:00) Baku
                39  (GMT+3:00) St. Petersburg, Volgograd
                44  (GMT+4:30) Kabul
                46  (GMT+5:00) Islamabad, Karachi, Tashkent
                47  (GMT+5:30) Kolkata, Chennai, Mumbai, New Delhi
                51  (GMT+5:30) Sri Jayawardenepara
                48  (GMT+5:45) Kathmandu
                45  (GMT+5:00) Ekaterinburg
                49  (GMT+6:00) Almaty, Novosibirsk
                50  (GMT+6:00) Astana, Dhaka
                52  (GMT+6:30) Rangoon
                53  (GMT+7:00) Bangkok, Hanoi, Jakarta
                54  (GMT+7:00) Krasnoyarsk
                55  (GMT+8:00) Beijing, ChongQing, HongKong, Urumgi, Irkutsk
                56  (GMT+8:00) Ulaan Bataar
                57  (GMT+8:00) Kuala Lumpur, Singapore
                58  (GMT+8:00) Perth
                59  (GMT+8:00) Taipei
                60  (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul
                62  (GMT+9:30) Adelaide
                63  (GMT+9:30) Darwin
                61  (GMT+9:00) Yakutsk
                64  (GMT+10:00) Brisbane
                65  (GMT+10:00) Canberra, Melbourne, Sydney
                66  (GMT+10:00) Guam, Port Moresby
                67  (GMT+10:00) Hobart
                68  (GMT+10:00) Vladivostok
                69  (GMT+10:00) Magadan
                70  (GMT+11:00) Solomon Is., New Caledonia
                71  (GMT+12:00) Auckland, Wellington
                72  (GMT+12:00) Fiji, Kamchatka, Marshall Is.
                00  (GMT+12:00) Eniwetok, Kwajalein
                82  (GMT+12:45) Chatham Islands
                73  (GMT+13:00) Nuku'alofa
                86  (GMT+13:00) Samoa
                76  (GMT+14:00) Kiritimati
        config tftp-server
            edit {tftp-server}
            # One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.
                set tftp-server {string}   TFTP server. size[63]
            next
        set filename {string}   Name of the boot file on the TFTP server. size[127]
        config options
            edit {id}
            # DHCP options.
                set id {integer}   ID. range[0-4294967295]
                set code {integer}   DHCP option code. range[0-255]
                set type {hex | string | ip | fqdn}   DHCP option type.
                        hex     DHCP option in hex.
                        string  DHCP option in string.
                        ip      DHCP option in IP.
                        fqdn    DHCP option in domain search option format.
                set value {string}   DHCP option value. size[312]
                set ip {string}   DHCP option IPs.
            next
        set server-type {regular | ipsec}   DHCP server can be a normal DHCP server or an IPsec DHCP server.
                regular  Regular DHCP service.
                ipsec    DHCP over IPsec service.
        set ip-mode {range | usrgrp}   Method used to assign client IP.
                range   Use range defined by start-ip/end-ip to assign client IP.
                usrgrp  Use user-group defined method to assign client IP.
        set conflicted-ip-timeout {integer}   Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. range[60-8640000]
        set ipsec-lease-hold {integer}   DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). range[0-8640000]
        set auto-configuration {disable | enable}   Enable/disable auto configuration.
        set ddns-update {disable | enable}   Enable/disable DDNS update for DHCP.
        set ddns-update-override {disable | enable}   Enable/disable DDNS update override for DHCP.
        set ddns-server-ip {ipv4 address}   DDNS server IP.
        set ddns-zone {string}   Zone of your domain name (ex. DDNS.com). size[64]
        set ddns-auth {disable | tsig}   DDNS authentication mode.
                disable  Disable DDNS authentication.
                tsig     TSIG based on RFC2845.
        set ddns-keyname {string}   DDNS update key name. size[64]
        set ddns-key {string}   DDNS update key (base 64 encoding).
        set ddns-ttl {integer}   TTL. range[60-86400]
        set vci-match {disable | enable}   Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served.
        config vci-string
            edit {vci-string}
            # One or more VCI strings in quotes separated by spaces.
                set vci-string {string}   VCI strings. size[255]
            next
        config exclude-range
            edit {id}
            # Exclude one or more ranges of IP addresses from being assigned to clients.
                set id {integer}   ID. range[0-4294967295]
                set start-ip {ipv4 address}   Start of IP range.
                set end-ip {ipv4 address}   End of IP range.
            next
        config reserved-address
            edit {id}
            # Options for the DHCP server to assign IP settings to specific MAC addresses.
                set id {integer}   ID. range[0-4294967295]
                set ip {ipv4 address}   IP address to be reserved for the MAC address.
                set mac {mac address}   MAC address of the client that will get the reserved IP address.
                set action {assign | block | reserved}   Options for the DHCP server to configure the client with the reserved MAC address.
                        assign    Configure the client with this MAC address like any other client.
                        block     Block the DHCP server from assigning IP settings to the client with this MAC address.
                        reserved  Assign the reserved IP address to the client with this MAC address.
                set description {string}   Description. size[255]
            next
    next
end
config system dhcp6 server
    edit {id}
    # Configure DHCPv6 servers.
        set id {integer}   ID. range[0-4294967295]
        set status {disable | enable}   Enable/disable this DHCPv6 configuration.
        set rapid-commit {disable | enable}   Enable/disable allow/disallow rapid commit.
        set lease-time {integer}   Lease time in seconds, 0 means unlimited. range[300-8640000]
        set dns-service {delegated | default | specify}    Options for assigning DNS servers to DHCPv6 clients.
                delegated  Delegated DNS settings.
                default    Clients are assigned the FortiGate's configured DNS servers.
                specify    Specify up to 3 DNS servers in the DHCPv6 server configuration.
        set dns-search-list {delegated | specify}   DNS search list options.
                delegated  Delegated the DNS search list.
                specify    Specify the DNS search list.
        set dns-server1 {ipv6 address}   DNS server 1.
        set dns-server2 {ipv6 address}   DNS server 2.
        set dns-server3 {ipv6 address}   DNS server 3.
        set domain {string}   Domain name suffix for the IP addresses that the DHCP server assigns to clients. size[35]
        set subnet {ipv6 prefix}   Subnet or subnet-id if the IP mode is delegated.
        set interface {string}   DHCP server can assign IP configurations to clients connected to this interface. size[15] - datasource(s): system.interface.name
        set option1 {string}   Option 1.
        set option2 {string}   Option 2.
        set option3 {string}   Option 3.
        set upstream-interface {string}   Interface name from where delegated information is provided. size[15] - datasource(s): system.interface.name
        set ip-mode {range | delegated}   Method used to assign client IP.
                range      Use range defined by start IP/end IP to assign client IP.
                delegated  Use delegated prefix method to assign client IP.
        config prefix-range
            edit {id}
            # DHCP prefix configuration.
                set id {integer}   ID. range[0-4294967295]
                set start-prefix {ipv6 address}   Start of prefix range.
                set end-prefix {ipv6 address}   End of prefix range.
                set prefix-length {integer}   Prefix length. range[1-128]
            next
        config ip-range
            edit {id}
            # DHCP IP range configuration.
                set id {integer}   ID. range[0-4294967295]
                set start-ip {ipv6 address}   Start of IP range.
                set end-ip {ipv6 address}   End of IP range.
            next
    next
end

status {disable | enable}

Enable or disable this DHCP server, default is enable.

lease-time <integer>

Lease time in seconds, value between 300 and 8640000 ( 5 minutes to almost 100 days), 0 for unlimited lease time, default is 604800.

mac-acl-default-action {assign | block}

MAC access control default action. Set whether or not the DHCP server assigns network settings to a DHCP client with a MAC address that is on the MAC address control list.

  • assign allow the DHCP server to assign IP settings to a client on the MAC address control list.
  • block block the DHCP from assigning IP settings to a client on the MAC address control list.

forticlient-on-net-status {disable | enable}

Enable or disable the FortiClient-On-Net service for this DHCP server, default is enable.

dns-service {local | default | specify}

How the DHCP clients are assigned DNS servers.

  • local IP address of the interface the DHCP server is added to becomes the client's DNS server IP address.
  • default IP addresses of the DNS servers added to the FortiGate configuration become the client's DNS server IP addresses.
  • specify specify up to 3 DNS servers in the DHCP server configuration.

dns-server1 <ip>

Set the IP address of DNS server(s) which will be used by DHCP clients, up to three DNS servers (dns-server1, dns-server2, and dns-server3).

wifi-ac1 <ip>

Set the IP address of up to three WiFi Access Controller(s) (wifi-ac1, wifi-ac2, and wifi-ac3). For DHCP option 138 to use DHCP to send WiFi access controller IP addresses to Wireless Termination Points (WTPs) (RFC 5417).

ntp-service {local | default | specify}

How the DHCP clients are assigned Network Time Protocol (NTP) servers.

  • local IP address of the interface the DHCP server is added to becomes the client's NTP server IP address.
  • default IP addresses of the NTP servers added to the FortiGate configuration become the client's NTP server IP addresses.
  • specify specify up to 3 NTP servers in the DHCP server configuration.

ntp-server1 <ip>

Set the IP address of NTP server(s), up to three NTP servers (ntp-server1, ntp-server2, and ntp-server3).

domain <string>

Domain name suffix for the IP addresses that the DHCP server assigns to clients.

wins-server1 <ip>

Set the IP address of WINS server(s), up to two WINS servers (wins-server1, and wins-server2).

default-gateway <ip>

The default gateway IP address that will be used by DHCP clients as their default gateway.

next-server <ip>

The IP address of the next bootstrap server. Add an IP address if you are using a secondary DHCP server to assign IP configuration options.

netmask <netmask>

The netmask assigned by the DHCP server

interface <interface-name>

The DHCP server can assign IP configurations to DHCP clients connected to this interface.

config ip-range

DHCP IP range configuration.

start-ip <ip>

The first IP of the range.

end-ip <ip>

The last IP of the range.

timezone-option {disable | default | specify}

How the DHCP server sets the client's time zone.

  • disable do not set the client's time zone.
  • default DHCP clients are assigned the FortiGate's configured time zone.
  • specify specify the time zone to be assigned to DHCP clients.

timezone <timezone-number>

Select the time zone that the DHCP server assigns to DHCP clients. Available if timezone-option is set to specify.

tftp-server <string> [<string>]

Hostnames or IP addresses of one or more TFTP servers.

filename <string>

The file name on the tftp server.

config options

The DHCP options configuration.

code <integer>

The option's code for DHCP, see RFC 2132 for more details.

type {hex | string | ip}

DHCP option in hexadecimal, string, or IP, default is hex.

value <string>

The value is specified as a single octet. Values are available per option, see RFC 2132 for more details.

server-type {regular | ipsec}

Regular DHCP service or DHCP over IPsec services.

conflicted-ip-timeout <integer>

The time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. Value between 60 to 8640000 seconds (1 minute to 100 days), default is 1800.

auto-configuration {disable | enable}

Disable or enable auto configuration, default is enable.

ddns-update {disable | enable}

Disable or enable Dynamic DNS update for DHCP, default is disable.

vci-match {disable | enable}

Disable or enable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI string are served, default is disabled.

vci-string <strings>

One or more VCI strings in quotes and separated by spaces.

config exclude-range

DHCP exclude range configuration.

start-ip <ip>

The first IP of the excluded range.

end-ip <ip>

The last IP of the excluded range.

config reserved-address

How the DHCP server assigns IP settings to specific MAC addresses.

ip <ip>

The IP address to be reserved for the client with the MAC address. Only valid if action is set to reserved.

mac <mac-address>

MAC address of the client to be configured by the DHCP server according to the action.

action {assign | block | reserved}

How the DHCP server configures the client with the reserved MAC address.

  • assign the DHCP server treats the client with this MAC address like any other client.
  • block block the DHCP server from assigning IP settings to the client with this MAC address.
  • reserved assign the reserved IP address to the client with this MAC address.

description <string>

Optionally describe the client with this MAC address.